Microsoft’s Monthly Patch Tuesday Is First in 6 Months with No Actively Exploited Zero-Days

Patch Tuesday remains a cornerstone of Microsoft’s vulnerability management, but the March release marks a subtle shift in the threat landscape. After a streak of months where threat actors actively leveraged zero‑day exploits, the latest batch shows a lull in real‑world attacks. Analysts attribute this to a combination of improved internal testing, coordinated disclosure efforts, and perhaps a temporary slowdown in adversary tooling. Nonetheless, the sheer volume of 83 fixes underscores the complexity of modern software stacks and the continuous pressure on security teams to stay ahead.

The most consequential flaws this cycle revolve around privilege escalation and remote code execution vectors. Six vulnerabilities, rated as likely to be exploited, can elevate user rights, opening pathways for lateral movement within corporate networks. An Excel information‑disclosure (CVE‑2026‑26144) is particularly concerning because it can trigger a zero‑click exfiltration through the Copilot Agent, effectively bypassing user interaction. Meanwhile, two Office preview‑pane bugs (CVE‑2026‑26110 and CVE‑2026‑26113) carry CVSS scores of 8.4, enabling attackers to run arbitrary code simply by opening a malicious document—a scenario that aligns with ransomware and espionage campaigns.

For enterprises, the takeaway is clear: patch cadence alone is insufficient without robust verification and threat‑intel integration. Organizations should prioritize the six high‑likelihood exploits, validate privilege‑escalation patches in test environments, and monitor for anomalous Office document activity. Leveraging endpoint detection and response (EDR) tools to flag unexpected Copilot communications can further mitigate the Excel risk. As Microsoft continues to harden its codebase, security teams must maintain a proactive posture, combining rapid patch deployment with layered defenses to counter the evolving exploit ecosystem.